A BIOS secure boot configuration modification reporting system includes a computing device housing a non-volatile memory subsystem coupled to a BIOS having a BIOS database that stores a secure boot configuration. During a current initialization of the computing device, the BIOS uses the secure boot configuration to generate a current initialization hash value, determines whether the current initialization hash value matches a previous initialization hash value in the non-volatile memory subsystem that was generated using the secure boot configuration during a previous initialization of the computing device and, if not, generates an unexpected secure boot configuration modification message. If the current initialization hash value matches the previous initialization hash value, the BIOS determines that a BIOS image included in the BIOS provides a modification to component authentication information included in the secure boot configuration and, in response, generates an expected secure boot configuration modification message.
Claims
1. A Basic Input/Output System (BIOS) secure boot configuration modification reporting system, comprising:
  a computing device;
  a non-volatile memory subsystem that is housed in the computing device; and
  a Basic Input/Output System (BIOS) that is housed in the computing device, that is coupled to the non-volatile memory subsystem, and that includes:
    a BIOS database storing a secure boot configuration; and
    a BIOS subsystem that is coupled to the BIOS database and that is configured, during a first initialization of the computing device, to:
      generate, using the secure boot configuration, a first initialization hash value;
      determine whether the first initialization hash value matches a second initialization hash value that is stored in the non-volatile memory subsystem and that was generated using the secure boot configuration during a second initialization of the computing device that was performed prior to the first initialization of the computing device;
      generate, in response to determining that the first initialization hash value does not match the second initialization hash value, an unexpected secure boot configuration modification message;
      determine, in response to determining that the first initialization hash value matches the second initialization hash value, that a BIOS image included in the BIOS provides a modification to component authentication information included in the secure boot configuration; and
      generate, in response to determining that the BIOS image provides a modification to component authentication information included in the secure boot configuration, an expected secure boot configuration modification message.

2. The system of claim 1, wherein the generation of the expected secure boot configuration modification message provides at least one of:
  the display of the expected secure boot configuration modification message on a display device; and
  the inclusion of the expected secure boot configuration modification message in a log.

3. The system of claim 1, wherein the component authentication information includes at least one of a component authentication certificate and a component authentication signature.

4. The system of claim 1, wherein the BIOS subsystem is configured, during the first initialization of the computing device, to:
  modify, subsequent to generating the first initialization hash value using the BIOS image that provides the modification to the component authentication information included in the secure boot configuration, the component authentication information included in the secure boot configuration to provide a modified secure boot configuration;
  generate, using the modified secure boot configuration, a third initialization hash value; and
  replace the second initialization hash value that is stored in the non-volatile memory subsystem with the third initialization hash value.

5. The system of claim 1, wherein the secure boot configuration includes a plurality of secure boot databases and a plurality of BIOS settings.

6. The system of claim 5, wherein the BIOS image provides a modification to the component authentication information included in at least one of the plurality of secure boot databases.
7. An Information Handling System (IHS), comprising:
  a processing system; and
  a memory system that is coupled to the processing system and that includes instructions that, when executed by the processing system, cause the processing system to provide a Basic Input/Output System (BIOS) engine that is configured, during a first initialization of the IHS, to:
    generate, using a secure boot configuration, a first initialization hash value;
    determine whether the first initialization hash value matches a second initialization hash value that is stored in a non-volatile memory subsystem coupled to the processing system and that was generated using the secure boot configuration during a second initialization of the IHS that was performed prior to the first initialization of the IHS;
    generate, in response to determining that the first initialization hash value does not match the second initialization hash value, an unexpected secure boot configuration modification message;
    determine, in response to determining that the first initialization hash value matches the second initialization hash value, that a BIOS image included in the BIOS provides a modification to component authentication information included in the secure boot configuration; and
    generate, in response to determining that the BIOS image provides a modification to component authentication information included in the secure boot configuration, an expected secure boot configuration modification message.

8. The IHS of claim 7, wherein the generation of the expected secure boot configuration modification message provides at least one of:
  the display of the expected secure boot configuration modification message on a display device; and
  the inclusion of the expected secure boot configuration modification message in a log.

9. The IHS of claim 7, wherein the component authentication information includes at least one of a component authentication certificate and a component authentication signature.

10. The IHS of claim 7, wherein the BIOS engine is configured, during the first initialization of the computing device, to:
  modify, subsequent to generating the first initialization hash value using the BIOS image that provides the modification to the component authentication information included in the secure boot configuration, the component authentication information included in the secure boot configuration to provide a modified secure boot configuration;
  generate, using the modified secure boot configuration, a third initialization hash value; and
  replace the second initialization hash value that is stored in the non-volatile memory subsystem with the third initialization hash value.

11. The IHS of claim 7, wherein the secure boot configuration includes a plurality of secure boot databases and a plurality of BIOS settings.

12. The IHS of claim 11, wherein the BIOS image provides a modification to the component authentication information included in at least one of the plurality of secure boot databases.

13. The IHS of claim 11, wherein the plurality of secure boot databases include a signatures database, a revoked signatures database, and a Key Exchange Key (KEK) database.
14. A method for reporting modifications to a secure boot configuration in a Basic Input Output System (BIOS), comprising:
  generating, by a Basic Input/Output System (BIOS) subsystem during a first initialization of a computing device and using a secure boot configuration, a first initialization hash value;
  determining, by the BIOS subsystem during the first initialization of the computing device, whether the first initialization hash value matches a second initialization hash value that is stored in a non-volatile memory subsystem that is coupled to the processing system and that was generated using the secure boot configuration during a second initialization of the IHS that was performed prior to the first initialization of the IHS, wherein the BIOS subsystem is configured to generate an unexpected secure boot configuration modification message in response to determining that the first initialization hash value does not match the second initialization hash value;
  determining, by the BIOS subsystem during the first initialization of the computing device in response to determining that the first initialization hash value matches the second initialization hash value, that a BIOS image provides a modification to component authentication information included in the secure boot configuration; and
  generating, by the BIOS subsystem during the first initialization of the computing device in response to determining that the BIOS image provides a modification to component authentication information included in the secure boot configuration, an expected secure boot configuration modification message.

15. The method of claim 14, wherein the generation of the expected secure boot configuration modification message provides at least one of:
  the display of the expected secure boot configuration modification message on a display device; and
  the inclusion of the expected secure boot configuration modification message in a log.

16. The method of claim 14, wherein the component authentication information includes at least one of a component authentication certificate and a component authentication signature.

17. The method of claim 14, further comprising:
  modifying, by the BIOS subsystem during the first initialization of the computing device subsequent to generating the first initialization hash value using the BIOS image that provides the modification to the component authentication information included in the secure boot configuration, the component authentication information included in the secure boot configuration to provide a modified secure boot configuration;
  generating, by the BIOS subsystem during the first initialization of the computing device using the modified secure boot configuration, a third initialization hash value; and
  replacing, by the BIOS subsystem during the first initialization of the computing device, the second initialization hash value that is stored in the non-volatile memory subsystem with the third initialization hash value.

18. The method of claim 14, wherein the secure boot configuration includes a plurality of secure boot databases and a plurality of BIOS settings.

19. The method of claim 18, wherein the BIOS image provides a modification to the component authentication information included in at least one of the plurality of secure boot databases.

20. The method of claim 18, wherein the plurality of secure boot databases include a signatures database, a revoked signatures database, and a Key Exchange Key (KEK) database.
Description
The present disclosure relates generally to information handling systems, and more particularly to reporting modifications to a secure boot configuration for a BIOS in an information handling system.
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
Information handling systems such as, for example, server devices and/or other computing devices known in the art, include a Basic Input/Output System (BIOS) that may be provided with a secure boot configuration that is utilized by the BIOS to securely boot or otherwise initialize the computing device. However, the secure boot configuration for the BIOS must occasionally be modified, which can raise some issues.
For example, the BIOSes of many computing devices use “old” secure boot certificates (e.g., MICROSOFT® WINDOWS® Production Certificate Authority (PCA) 2011 certificates, the MICROSOFT® Corporation Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA) 2011 certificates, and the MICROSOFT® Corporation Key Exchange Key (KEK) CA certificates that will expire in 2026) in their secure boot configurations, and BIOS providers (e.g., computing device manufacturers) must perform a “certificate transition” secure boot configuration modification that updates the secure boot databases in the secure boot configuration for the BIOS in those computing devices (e.g., via a BIOS update) with “new” secure boot certificates (e.g., MICROSOFT® UEFI CA 2023 certificates and MICROSOFT® Corporation KEK 2K CA 2023 certificates) such that the secure boot configuration for the BIOS of those computing devices includes both the “old” and “new” secure boot certificates in order to support the secure boot of those computing devices with both “old” and “new” operating systems.
To provide another example, a system owner (e.g., a BIOS provider, a computing device user, an Information Technology (IT) administrator, etc.) may perform a “DBX update” secure boot configuration modification to update the secure boot databases in the secure boot configuration for the BIOS in computing devices in order to protect the computing device from evolving threats (e.g., a revoked signature database (also called the “DBX” database) in the secure boot configuration for the BIOS in a computing device may be updated with a signature that identifies a component and prevents that component from operating with the computing device).
In order to maintain the integrity of the secure boot configuration of the BIOS in computing devices, the BIOS detects modifications to the secure boot configuration between each boot of the computing device. For example, during a current boot of the computing device, the BIOS may perform a hashing operation on the secure boot configuration to generate a “current” hash value, and compare it to a “most recent” hash value generated via a performance of the hashing operation on the secure boot configuration during a “most recent” boot of the computing device, with a modification to the secure boot configuration detected if the “current” hash value does not match the “most recent” hash value. In response to detecting a modification to the secure boot configuration, the BIOS may generate a secure boot warning message that simply identifies the modification to the secure boot configuration (e.g. a “UEFI0074” warning that “The Secure Boot policy has been modified”) without any further information about that modification, and provide the secure boot warning message for display on a display device of the computing device, while also logging that warning message in a lifecycle log.
However, conventional BIOS perform the secure boot configuration modification detection discussed above following BIOS updates like those that update the secure boot configuration as described above, and inventors of the present disclosure have found that the displaying of the secure boot warning message described above in response to the “certificate transition” secure boot configuration modifications and “DBX update” secure boot configuration modifications described above results in increased customer support calls, frequent changes to the code and configuration of the BIOS by the BIOS development team (also referred to as “churn”), and other related issues, even in computing devices that do not enable secure boot in their BIOS.
Accordingly, it would be desirable to provide a BIOS secure boot modification system that addresses the issues discussed above.
According to one embodiment, an Information Handling System (IHS) includes a processing system; and a memory system that is coupled to the processing system and that includes instructions that, when executed by the processing system, cause the processing system to provide a Basic Input/Output System (BIOS) engine that is configured, during a first initialization of the IHS, to: generate, using a secure boot configuration, a first initialization hash value; determine whether the first initialization hash value matches a second initialization hash value that is stored in a non-volatile memory subsystem coupled to the processing system and that was generated using the secure boot configuration during a second initialization of the IHS that was performed prior to the first initialization of the IHS; generate, in response to determining that the first initialization hash value does not match the second initialization hash value, an unexpected secure boot configuration modification message; determine, in response to determining that the first initialization hash value matches the second initialization hash value, that a BIOS image included in the BIOS provides a modification to component authentication information included in the secure boot configuration; and generate, in response to determining that the BIOS image provides a modification to component authentication information included in the secure boot configuration, an expected secure boot configuration modification message.
For purposes of this disclosure, an information handling system may include any instrumentality or aggregate of instrumentalities operable to compute, calculate, determine, classify, process, transmit, receive, retrieve, originate, switch, store, display, communicate, manifest, detect, record, reproduce, handle, or utilize any form of information, intelligence, or data for business, scientific, control, or other purposes. For example, an information handling system may be a personal computer (e.g., desktop or laptop), tablet computer, mobile device (e.g., personal digital assistant (PDA) or smart phone), server (e.g., blade server or rack server), a network storage device, or any other suitable device and may vary in size, shape, performance, functionality, and price. The information handling system may include random access memory (RAM), one or more processing resources such as a central processing unit (CPU) or hardware or software control logic, ROM, and/or other types of nonvolatile memory. Additional components of the information handling system may include one or more disk drives, one or more network ports for communicating with external devices as well as various input and output (I/O) devices, such as a keyboard, a mouse, touchscreen and/or a video display. The information handling system may also include one or more buses operable to transmit communications between the various hardware components.
In one embodiment, IHS 100, FIG. 1, includes a processor 102, which is connected to a bus 104. Bus 104 serves as a connection between processor 102 and other components of IHS 100. An input device 106 is coupled to processor 102 to provide input to processor 102. Examples of input devices may include keyboards, touchscreens, pointing devices such as mouses, trackballs, and trackpads, and/or a variety of other input devices known in the art. Programs and data are stored on a mass storage device 108, which is coupled to processor 102. Examples of mass storage devices may include hard discs, optical disks, magneto-optical discs, solid-state storage devices, and/or a variety of other mass storage devices known in the art. IHS 100 further includes a display 110, which is coupled to processor 102 by a video controller 112. A system memory 114 is coupled to processor 102 to provide the processor with fast storage to facilitate execution of computer programs by processor 102. Examples of system memory may include random access memory (RAM) devices such as dynamic RAM (DRAM), synchronous DRAM (SDRAM), solid state memory devices, and/or a variety of other memory devices known in the art. In an embodiment, a chassis 116 houses some or all of the components of IHS 100. It should be understood that other buses and intermediate circuits can be deployed between the components described above and processor 102 to facilitate interconnection between the components and the processor.
Referring now to FIG. 2, an embodiment of a computing device 200 is illustrated that may provide the BIOS secure boot modification reporting system of the present disclosure. In an embodiment, the computing device 200 may be provided by the IHS 100 discussed above with reference to FIG. 1, and/or may include some or all of the components of the IHS 100, and in specific examples may be provided by a server device. However, while illustrated and discussed as being provided by a server device, one of skill in the art in possession of the present disclosure will recognize that computing devices provided in the BIOS secure boot modification reporting system of the present disclosure may include laptop/notebook computing devices, desktop computing devices, tablet computing devices, mobile phones, networking devices (e.g., switch devices), storage systems, and/or any other computing devices that may be configured to operate similarly as the computing device 200 discussed below.
In the illustrated embodiment, the computing device 200 includes a chassis 202 that houses the components of the computing device 200, only some of which are illustrated and described below. For example, the chassis 202 may house a BIOS processing system (not illustrated, but which may be provided by BIOS processing firmware) and a BIOS memory system (not illustrated, but which may be provided by BIOS memory firmware such as, for example, a Serial Peripheral Interface (SPI) memory device) that is coupled to the BIOS processing system and that includes instructions that, when executed by the BIOS processing system, cause the BIOS processing system to provide a BIOS 204 that is configured to perform the functionality of the BIOS and/or computing devices discussed below. However, while illustrated and described as a “BIOS”, one of skill in the art in possession of the present disclosure will appreciate how the BIOS 204 and/or its components may be provided according to the UEFI specification that defines an architecture for firmware used to initialize computing device hardware and an interface for interacting with an operating system.
For example, the BIOS 204 may include a BIOS engine 206 that is configured to perform any of the BIOS secure boot modification reporting functionality that is described as being performed by the BIOS engines, BIOS subsystems, and/or BIOS described below. Furthermore, the BIOS 204 may also include a BIOS image 208 that includes a BIOS firmware volume and/or other data structures that store BIOS code and other BIOS information that is used by the BIOS processing system discussed above to provide the BIOS. As discussed below and as will be appreciated by one of skill in the art in possession of the present disclosure, the BIOS image 208 may be provided with BIOS updates that may be authenticated before they are performed to update the BIOS 204 as described below. Further still, the BIOS 204 may also include a BIOS storage subsystem (not illustrated, but which may be provided by BIOS storage firmware such as, for example, the SPI memory device discussed above) that is configured to provide a BIOS database 210 that may store any of the information used by the BIOS engine 206 as described below.
In the illustrated example, the BIOS database 210 stores a secure boot configuration 212 that includes a plurality of BIOS settings 214, as well as a plurality of secure boot databases 216. To provide a specific example, the plurality of secure boot databases 216 may be provided by an authorized signatures database (also called a “DB” database), a revoked signatures database (also called a “DBX” database), a Key Exchange Key (KEK) database, a Platform Key (PK) database, a timestamp database (also called a “DBT” database), and/or any other databases that would be apparent to one of skill in the art in possession of the present disclosure, any of which may be provided by secure boot Unified Extensible Firmware Interface (UEFI) variables. As illustrated in FIG. 2, any of the secure boot databases 216 may store certificates 218, signatures 220 (e.g., which may be provided by hash values or other signatures known in the art), keys 222, and/or other secure boot database information that would be apparent to one of skill in the art in possession of the present disclosure.
The chassis 202 also houses a non-volatile memory subsystem 224 that is illustrated and described as being coupled to the BIOS engine 206 in the BIOS 204 (e.g., via a coupling between the non-volatile memory subsystem 224 and the BIOS processing firmware discussed above), and while the non-volatile memory subsystem 224 is illustrated and discussed as being separate from the BIOS 204 (e.g., the non-volatile memory subsystem 224 may be provided by any non-volatile memory device housed in or coupled to the computing device 200), one of skill in the art in possession of the present disclosure will appreciate how the non-volatile memory subsystem 224 may be included in the BIOS 204 (e.g., the non-volatile memory subsystem 224 may be included in the SPI memory device discussed above) while remaining within the scope of the present disclosure as well.
In the illustrated embodiment, the chassis 202 also houses a display device 226 that is coupled to the BIOS engine 206 in the BIOS 204 (e.g., via a coupling between the display device 226 and the BIOS processing firmware discussed above), and while the display device 226 is illustrated and described as being housed in the chassis 202 (e.g., the display device 226 may be provided in a laptop/notebook computing device), the display device 226 may be coupled to the computing device 200 (e.g., the display device 226 may be an external display device coupled to a desktop computing device or as part of a separate management computing device that is coupled to a server device) while remaining within the scope of the present disclosure as well. As illustrated, the chassis 202 may also house a Baseboard Management Controller (BMC) device 228 that is coupled to the BIOS engine 206 in the BIOS 204 (e.g., via a coupling between the BMC device 228 and the BIOS processing firmware discussed above), and that includes a lifecycle log 230.
As will be appreciated by one of skill in the art in possession of the present disclosure, the BMC device 228 may be provided by an integrated DELL® Remote Access Controller (iDRAC) included in server devices available from DELL® Inc. of Round Rock, Texas, United States, and thus may be configured to provide Out-Of-Band (OOB) management for the computing device 200 using mostly separate resources from the computing device in order to provide a browser-based interface or Command-Line Interface (CLI) for managing and monitoring hardware in the computing device 200 (e.g., the BMC device 228 may be configured to manage the BIOS updates discussed above that may be provided in the BIOS image 208). However, while a specific computing device 200 has been illustrated and described, one of skill in the art in possession of the present disclosure will recognize that computing devices (or other devices operating according to the teachings of the present disclosure in a manner similar to that described below for the computing device 200) may include a variety of components and/or component configurations for providing conventional computing device functionality, as well as the BIOS secure boot modification reporting functionality discussed below, while remaining within the scope of the present disclosure as well.
Referring now to FIG. 3, an embodiment of a method 300 for reporting modifications to a secure boot configuration in a Basic Input Output System (BIOS) is illustrated. As discussed below, the systems and methods of the present disclosure distinguish between expected and unexpected modifications to a secure boot configuration in a BIOS and generate an expected secure boot configuration modification message when expected modifications to the secure boot configuration are identified. For example, the BIOS secure boot configuration modification reporting system of the present disclosure may include a computing device housing a non-volatile memory subsystem coupled to a BIOS having a BIOS database that stores a secure boot configuration. During a current initialization of the computing device, the BIOS uses the secure boot configuration to generate a current initialization hash value, determines whether the current initialization hash value matches a previous initialization hash value in the non-volatile memory subsystem that was generated using the secure boot configuration during a previous initialization of the computing device and, if not, generates an unexpected secure boot configuration modification message. If the current initialization hash value matches the previous initialization hash value, the BIOS determines that a BIOS image included in the BIOS provides a modification to component authentication information included in the secure boot configuration and, in response, generates an expected secure boot configuration modification message. As such, expected modifications to a secure boot configuration in a BIOS may be identified to users to reduce customer support calls, frequent changes to the code and configuration of the BIOS by the BIOS development team (also referred to as “churn”), and other related issues discussed above.
With reference to FIG. 4 and as will be recognized by one of skill in the art in possession of the present disclosure, prior to the “current” iteration of the method 300 discussed below and as part of a “previous” iteration of the method 300 that occurs during a “previous” initialization of the computing device 200, the BIOS engine 206 in the BIOS 204 may perform initialization hash value provisioning operations 400 that may include performing a hashing operation (e.g., a Secure Hash Algorithm (SHA) hashing operation and/or other hashing operations known in the art) using information stored in the secure boot configuration 212 to generate a “previous” initialization hash value for the secure boot configuration 212 during that “previous” initialization of the computing device 200, and storing that “previous” initialization hash value in the non-volatile memory subsystem 224. As such, one of skill in the art in possession of the present disclosure will appreciate how the “previous” initialization hash value for the secure boot configuration 212 during the “previous” initialization of the computing device 200 may be generated using information in the BIOS settings 214; the certificates 218, signatures 220, and keys 222 in the secure boot databases 216; and/or any other information that one of skill in the art in possession of the present disclosure will recognize may be included in the secure boot configuration 212.
The method 300 begins at block 302 where a BIOS subsystem begins a current initialization of a computing device and uses a secure boot configuration to generate a current initialization hash value. In an embodiment, at block 302, the computing device 200 may be powered on, booted, reset, rebooted, and/or otherwise initialized and, in response, the BIOS 204 may begin a “current” initialization of the computing device 200. With reference to FIG. 5, in an embodiment of block 302 and as part of the “current” initialization of the computing device 200, the BIOS engine 206 in the BIOS 204 may perform initialization hash value generation operations 500 that may include performing a hashing operation (e.g., a SHA hashing operation and/or other hashing operations known in the art) using information stored in the secure boot configuration 212 to generate a “current” initialization hash value for the secure boot configuration 212 during that “current” initialization of the computing device 200. As such, one of skill in the art in possession of the present disclosure will appreciate how the “current” initialization hash value for the secure boot configuration 212 during the “current” initialization of the computing device 200 may be generated using information in the BIOS settings 214; the certificates 218, signatures 220, and keys 222 in the secure boot databases 216; and/or any other information that one of skill in the art in possession of the present disclosure will recognize may be included in the secure boot configuration 212.
The method 300 then proceeds to decision block 304 where the method 300 proceeds depending on whether the current initialization hash value matches a previous initialization hash value that was generated using the secure boot configuration during a previous initialization of the computing device. As discussed below, decision block 304 of the method 300 provides for a determination of whether an “unexpected” secure boot configuration modification has been made to the secure boot configuration of the BIOS, and one of skill in the art in possession of the present disclosure will appreciate how decision block 304 is performed prior to the performance, during the “current” initialization of the computing device, of any updates to that secure boot configuration that may be provided by the BIOS image (e.g., the BIOS updates that modify certificates, signatures, or other information in the secure boot databases as described above) in order to ensure that any modifications detected to the secure boot configuration at decision block 304 are not a result of an update provided by the BIOS image.
As will be appreciated by one of skill in the art in possession of the present disclosure, the hashing operation used to generate the “current” initialization hash value and the “previous” initialization hash value discussed above will produce identical hash values when performed using identical information in the secure boot configuration (i.e., when the information in the BIOS settings; the certificates, signatures, and keys in the secure boot databases; and/or any other information included in the secure boot configuration is not modified between the “previous” initialization and the “current” initialization of the computing device).
As such, one of skill in the art in possession of the present disclosure will also appreciate how the hashing operation used to generate the “current” initialization hash value and the “previous” initialization hash value discussed above will produce different hash values when performed using different information in the secure boot configuration (i.e., when the information in the BIOS settings; the certificates, signatures, and keys in the secure boot databases; and/or any other information included in the secure boot configuration is modified between the “previous” initialization and the “current” initialization of the computing device). As such, with continued reference to FIG. 5, in an embodiment of decision block 304, the BIOS engine in the BIOS may perform initialization hash value comparison operations that include retrieving the “previous” initialization hash value from the non-volatile memory subsystem, and comparing the “current” initialization hash value to that “previous” initialization hash value. However, while the use of hash values to detect changes in the secure boot configuration has been described, one of skill in the art in possession of the present disclosure will appreciate how other techniques for detecting changes in the secure boot configuration will fall within the scope of the present disclosure as well.
If, at decision block 304, the current initialization hash value does not match the previous initialization hash value, the method 300 proceeds to block 306 where the BIOS subsystem generates an unexpected secure boot configuration modification message. In an embodiment, at decision block 304, the initialization hash value comparison operations may include comparing the “current” initialization hash value to the “previous” initialization hash value and determining that the “current” initialization hash value does not match the “previous” initialization hash value. As discussed above and as will be appreciated by one of skill in the art in possession of the present disclosure, any difference between the “current” initialization hash value and the “previous” initialization hash value is indicative of a modification of information in the secure boot configuration (i.e., a modification of the information in the BIOS settings; a modification of the certificates, signatures, and keys in the secure boot databases; and/or a modification of any other information included in the secure boot configuration) between the “previous” initialization and the “current” initialization of the computing device.
As discussed below, any “expected” secure boot configuration modifications that may be provided by BIOS updates and/or other information provided in a BIOS firmware volume included in the BIOS image will not be made to the secure boot configuration prior to the generation of the “current” initialization hash value, and thus the modification of the information in the secure boot configuration identified when the “current” initialization hash value does not match the “previous” initialization hash value provides an “unexpected” secure boot configuration modification that may be an unauthorized modification to the secure boot configuration (e.g., an unauthorized modification performed by an unauthorized user that has gained unauthorized access to the secure boot databases (e.g., via an operating system running on the computing device prior to the “current” initialization of the computing device)).
As such, with reference to FIG. 6 and in an embodiment of block 306, the BIOS engine in the BIOS may perform “unexpected” secure boot configuration modification message generation operations that may include generating an “unexpected” secure boot configuration modification message that may be displayed on the display device, provided in the lifecycle log included in the BMC device, and/or transmitted to a network administrator or other user using any techniques that would be apparent to one of skill in the art in possession of the present disclosure. In a specific example, the “unexpected” secure boot configuration modification message may be provided by a “UEFI0074” warning message (e.g., “The Secure Boot policy has been modified”), although one of skill in the art in possession of the present disclosure will appreciate how other “unexpected” secure boot configuration modification messages will fall within the scope of the present disclosure as well.
As will be appreciated by one of skill in the art in possession of the present disclosure, the “unexpected” secure boot configuration modification message generated at block 306 may be relatively alarming to a network administrator or other user, particularly if that network administrator or other user did not perform that “unexpected” secure boot configuration modification to the secure boot configuration, and may result in the customer support calls discussed above. However, one of skill in the art in possession of the present disclosure will recognize that the possibility that the “unexpected” secure boot configuration modification is an unauthorized modification to the secure boot configuration as described above warrants such actions.
The method 300 then proceeds to block 308 where the BIOS subsystem updates the previous initialization hash value with the current initialization hash value. With reference to FIG. 7, in an embodiment of block 308, the BIOS engine may perform initialization hash value update operations that include storing the “current” initialization hash value generated at block 302 in the non-volatile memory subsystem in place of the “previous” initialization hash value discussed above (i.e., deleting the “previous” initialization hash value from the non-volatile memory subsystem, and storing the “current” initialization hash value generated at block 302 in its place in the non-volatile memory subsystem). As will be appreciated by one of skill in the art in possession of the present disclosure, the “current” initialization hash value may then become the “previous” initialization hash value such that it may be utilized similarly as discussed above in a subsequent iteration of the method 300 and during a subsequent initialization of the computing device.
If at decision block 304 the current initialization hash value matches the previous initialization hash value, or following block 308, the method 300 proceeds to decision block 310 where the method 300 proceeds depending on whether a BIOS image provides a modification to component authentication information in the secure boot configuration. In an embodiment, at decision block 304, the initialization hash value comparison operations may include comparing the “current” initialization hash value to the “previous” initialization hash value and determining that the “current” initialization hash value matches the “previous” initialization hash value. As discussed above and as will be appreciated by one of skill in the art in possession of the present disclosure, the matching of the “current” initialization hash value and the “previous” initialization hash value is indicative that there have been no modifications of information in the secure boot configuration (i.e., the information in the BIOS settings; the certificates, signatures, and keys in the secure boot databases; and/or any other information included in the secure boot configuration) between the “previous” initialization and the “current” initialization of the computing device.
With reference to FIG. 8, in an embodiment of decision block 310, the BIOS engine in the BIOS may then perform secure boot configuration component authentication information modification detection operations that may include identifying component authentication information included in the BIOS image, and comparing the component authentication information in the BIOS image to component authentication information included in the secure boot databases to determine whether the component authentication information included in the BIOS image modifies component authentication information included in the secure boot databases. For example, prior to the “current” initialization of the computing device, the BIOS image, a BIOS firmware volume in the BIOS image, and/or component authentication information included in the BIOS firmware volume in the BIOS image may be updated (e.g., as part of a BIOS update being performed for the BIOS) such that the BIOS image, the BIOS firmware volume in the BIOS image, and/or component authentication information included in the BIOS firmware volume in the BIOS image provides a modification to component authentication information that is stored in the secure boot databases in the secure boot configuration for the BIOS.
To provide a specific example, the BIOS image may be updated as part of the BIOS update described above such that it includes one or more certificates that have been provided for use by the BIOS in place of (or in addition to) one or more of the certificates that are stored in the secure boot databases in the secure boot configuration for the BIOS (e.g., WINDOWS® UEFI CA 2023 certificates, MICROSOFT® UEFI CA 2023 certificates, MICROSOFT® Option ROM UEFI CA 2023 certificates, and/or MICROSOFT® Corporation KEK CA 2023 certificates that have been provided for use by the BIOS in place of (or in addition to) older secure boot certificates (e.g., MICROSOFT® WINDOWS® PCA 2011 certificates, MICROSOFT® UEFI CA 2011 certificates, and MICROSOFT® Corporation KEK CA 2011 certificates that will expire in 2026 as described above)). As such, at decision block 310, the BIOS engine may determine whether the BIOS image includes one or more certificates that modify the component authentication information in the secure boot databases in the secure boot configuration for the BIOS via their addition to the secure boot databases.
To provide another specific example, the BIOS image may be updated as part of the BIOS update described above such that it includes one or more signatures (e.g., hash values and/or other signatures known in the art) that have been provided for use by the BIOS in a revoked signatures database (e.g., a “DBX” database) that is included in the secure boot databases to prevent the use of corresponding software components that are not trusted, subject to security vulnerabilities, subject to stability issues, and/or that should otherwise not be allowed to run on or with the computing device. As such, at decision block 310, the BIOS engine may determine whether the BIOS image includes one or more signatures that modify the secure boot databases in the secure boot configuration for the BIOS via their addition to the secure boot databases. However, while two specific examples have been provided, one of skill in the art in possession of the present disclosure will appreciate how component authentication information in secure boot databases in a secure boot configuration for a BIOS may be modified in a variety of manners (e.g., the BIOS image may provide for the replacement, removal, etc., of certificates, signatures, and/or keys from those secure boot databases) while remaining within the scope of the present disclosure as well.
If, at decision block 310, the BIOS image does not provide a modification to component authentication information in the secure boot configuration, the method 300 proceeds to block 312 where the BIOS subsystem completes the initialization of the computing device. In an embodiment, at block 312, the BIOS may complete the “current” initialization of the computing device, and one of skill in the art in possession of the present disclosure will appreciate how the “completion” of the “current” initialization of the computing device may differ depending on whether an “unexpected” secure boot configuration modification message was generated at block 306.
Furthermore, if an “unexpected” secure boot configuration modification message was generated at block 306, the “completion” of the “current” initialization of the computing device may differ depending on a response by the network administrator or other users to the “unexpected” secure boot configuration modification message generated at block 306, a BIOS/computing device policy for responding to an “unexpected” secure boot configuration modification message generated at block 306, and/or any other factors that would be apparent to one of skill in the art in possession of the present disclosure.
As such, in some examples the completion of the “current” initialization of the computing device after an “unexpected” secure boot configuration modification message was generated at block 306 may include loading an operating system for the computing device and allowing the computing device to begin runtime operations in which the operating system controls the computing device (e.g., when the “unexpected” secure boot configuration modification was provided, authorized by, or otherwise intended by a network administrator or other user), while in other examples the completion of the “current” initialization of the computing device after an “unexpected” secure boot configuration modification message was generated at block 306 may include providing the computing device in a “safe mode”, ending the initialization operations prior to allowing the computing device to begin the runtime operations discussed above, quarantining the computing device, and/or performing any other “unexpected” secure boot configuration modification response operations that one of skill in the art in possession of the present disclosure would recognize as being performed in response to an unexpected change in the secure boot configuration of the BIOS (e.g., when the “unexpected” secure boot configuration modification was not provided by, authorized, or otherwise intended by a network administrator or other user).
However, in embodiments in which no “unexpected” secure boot configuration modification message was generated at block 306, at decision block 310 the BIOS engine in the BIOS may determine that the BIOS image does not provide modifications to the component authentication information in the secure boot configuration for the BIOS and, in response, may complete the “current” initialization of the computing device at block 312 by loading an operating system for the computing device and allowing the computing device to begin runtime operations in which the operating system controls the computing device.
If, at decision block 310, the BIOS image provides a modification to component authentication information in the secure boot configuration, the method 300 proceeds to block 314 where the BIOS subsystem generates an expected secure boot configuration modification message. In an embodiment, at decision block 310, the BIOS engine in the BIOS may determine that the BIOS image provides modifications to the component authentication information in the secure boot configuration for the BIOS and, in response, may generate an “expected” secure boot configuration modification message at block 314. With reference to FIG. 9, in an embodiment of block 314, the BIOS engine in the BIOS may perform “expected” secure boot configuration modification message generation operations that may include generating an “expected” secure boot configuration modification message that may be displayed on the display device, provided in the lifecycle log included in the BMC device, and/or transmitted to a network administrator or other user using any techniques that would be apparent to one of skill in the art in possession of the present disclosure.
In a specific example, the “expected” secure boot configuration modification message may be provided by any informational message that identifies the “expected” secure boot configuration modification and informs the network administrator or other user that the modification detected for the secure boot configuration is expected (e.g., “The recent BIOS update includes new certificates that modify the secure boot configuration. This is an intentional modification”), although one of skill in the art in possession of the present disclosure will appreciate how other “expected” secure boot configuration modification messages will fall within the scope of the present disclosure as well. As will be appreciated by one of skill in the art in possession of the present disclosure, the “expected” secure boot configuration modification message generated at block 314 may be configured to prevent causing a network administrator or other user any alarm (i.e., as compared to the “unexpected” secure boot configuration modification messages described above), and is intended to inform the user of the modification to the secure boot configuration in a manner that prevents (or reduces) the customer support calls discussed above.
The method 300 then proceeds to block 316 where the BIOS subsystem modifies the component authentication information in the secure boot configuration to provide a modified secure boot configuration. With reference to FIG. 10, in an embodiment of block 316, the BIOS engine in the BIOS may perform component authentication information modification operations (e.g., as part of BIOS update operations) that may include using the BIOS image, a BIOS firmware volume in the BIOS image, and/or component authentication information included in the BIOS firmware volume in the BIOS image to modify the component authentication information in the secure boot databases included in the secure boot configuration and provide a modified secure boot configuration, which is illustrated and described below as being modified by providing certificates in place of (or in addition to) the certificates discussed above, and providing signatures in place of (or in addition to) the signatures discussed above.
However, while a specific example is provided, one of skill in the art in possession of the present disclosure will appreciate how component authentication information in the secure boot configuration for a BIOS may be modified in any of a variety of manners that will fall within the scope of the present disclosure as well. Furthermore, block 316 of the method 300 is performed subsequent to the performance of decision block 304 in order to ensure that any intended modifications to the secure boot configuration in the BIOS that may be provided by the BIOS image (e.g., the BIOS updates that modify certificates or signatures in the secure boot databases as described above) are not detected as “unexpected” secure boot configuration modifications at decision block 304.
The method 300 then proceeds to block 318 where the BIOS subsystem uses the modified secure boot configuration to generate an initialization hash value update. With reference to FIG. 11, as part of the “current” initialization of the computing device and subsequent to modifying the component authentication information in the secure boot configuration at block 316, the BIOS engine in the BIOS may perform initialization hash value generation operations that may include performing a hashing operation (e.g., a SHA hashing operation and/or other hashing operations known in the art) using information stored in the modified secure boot configuration to generate an initialization hash value update that may provide the previous initialization hash value discussed above in a subsequent iteration of the method 300 and during a subsequent initialization of the computing device. As such, one of skill in the art in possession of the present disclosure will appreciate how the initialization hash value update may be generated at block 318 using information in the BIOS settings; the certificates, signatures, and keys in the secure boot databases; and/or any other information that one of skill in the art in possession of the present disclosure will recognize may be included in the secure boot configuration.
The method 300 then proceeds to block 320 where the BIOS subsystem updates the previous initialization hash value with the initialization hash value update. With continued reference to FIG. 11, in an embodiment of block 320, the BIOS engine may perform initialization hash value update operations that include storing the initialization hash value update generated at block 318 in the non-volatile memory subsystem in place of the “previous” initialization hash value discussed above (i.e., deleting the “previous” initialization hash value from the non-volatile memory subsystem, and storing the initialization hash value update generated at block 318 in its place in the non-volatile memory subsystem). As will be appreciated by one of skill in the art in possession of the present disclosure, the initialization hash value update may then become the “previous” initialization hash value such that it may be utilized similarly as discussed above in a subsequent iteration of the method 300 and during a subsequent initialization of the computing device. As will be appreciated by one of skill in the art in possession of the present disclosure, the replacement of the “previous” initialization hash value with the initialization hash value update generated at block 318 in the non-volatile memory subsystem operates to “mask” the modification performed at block 316 of the secure boot configuration in the BIOS from the secure boot configuration modification detection procedure performed at decision block 304 of the subsequent iteration of the method 300 (i.e., during the subsequent initialization of the computing device).
The method 300 then proceeds to block 312 where the BIOS subsystem completes the initialization of the computing device similarly as described above. In an embodiment, the BIOS engine in the BIOS may complete the “current” initialization of the computing device at block 312, and one of skill in the art in possession of the present disclosure will appreciate how the “completion” of the “current” initialization of the computing device in this context (i.e., when only an “expected” secure boot configuration modification has been identified) may include loading an operating system for the computing device and allowing the computing device to begin runtime operations in which the operating system controls the computing device.
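The method walked through above, from the hash generation at block 302 through the baseline replacement at block 320, as an added worked model in Python. This is an illustration written for this page, not the patent's or any vendor's firmware code. It assumes that the PK/KEK/db/dbx databases can be modelled as sets of opaque byte strings standing in for EFI_SIGNATURE_LIST entries, that the non-volatile memory subsystem is a dict, that the "SHA hashing operation" is SHA-256, and that the component authentication information in a BIOS firmware volume can be represented by the hypothetical `BiosImage` class; the two message strings are the ones quoted in the description, and the certificate names and revocation hashes in `demo()` are constructed sample data.

```python
"""Worked model of the secure boot configuration modification reporting method.

Added illustration in Python; not the patent's or any vendor's firmware code.
Assumptions: PK/KEK/db/dbx are sets of opaque byte strings standing in for
EFI_SIGNATURE_LIST entries, the non-volatile memory subsystem is a dict, the
"SHA hashing operation" is SHA-256, and BiosImage is a hypothetical layout for
the component authentication information in a BIOS firmware volume.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Optional

UNEXPECTED_MSG = "UEFI0074: The Secure Boot policy has been modified"
EXPECTED_MSG = ("The recent BIOS update includes new certificates that modify the "
                "secure boot configuration. This is an intentional modification")


def config_hash(settings: dict, databases: dict) -> bytes:
    """Initialization hash over the BIOS settings and the secure boot databases.
    Keys and entries are sorted so insertion order does not matter, and
    length-prefixed so entry boundaries in the hashed stream are unambiguous."""
    h = hashlib.sha256()
    for key in sorted(settings):
        item = f"{key}={settings[key]}".encode()
        h.update(len(item).to_bytes(4, "little") + item)
    for name in sorted(databases):
        h.update(name.encode() + b"\0")
        for entry in sorted(databases[name]):
            h.update(len(entry).to_bytes(4, "little") + entry)
    return h.digest()


@dataclass
class BiosImage:
    """Component authentication information carried by a BIOS update image
    (hypothetical layout): database name -> entries the update wants present."""
    additions: dict = field(default_factory=dict)

    def pending(self, databases: dict) -> dict:
        """Decision block 310: the image entries not already in the databases.
        An empty result means the image provides no modification."""
        pending = {}
        for name, entries in self.additions.items():
            missing = entries - databases.get(name, set())
            if missing:
                pending[name] = missing
        return pending


def initialize(nvram: dict, settings: dict, databases: dict,
               image: Optional[BiosImage] = None) -> list:
    """One initialization of the computing device (method 300). Mutates nvram and
    databases in place and returns the messages the BIOS would emit, in order."""
    messages = []
    # Block 302: hash the configuration BEFORE any update from the image lands.
    current = config_hash(settings, databases)
    previous = nvram.get("init_hash")   # None on the very first boot (FIG. 4 provisioning)
    if previous is not None and current != previous:
        # Decision block 304 -> block 306: settings or databases changed outside
        # the BIOS update path (e.g. written from the OS via UEFI variable
        # services), so report an unexpected modification.
        messages.append(UNEXPECTED_MSG)
    # Block 308: the current hash becomes the baseline for the next boot.
    nvram["init_hash"] = current

    pending = image.pending(databases) if image else {}
    if pending:
        # Block 314: announce the change as expected before applying it.
        messages.append(EXPECTED_MSG)
        # Block 316: apply the image's certificates/signatures to the databases.
        for name, entries in pending.items():
            databases.setdefault(name, set()).update(entries)
        # Blocks 318 and 320: rehash and overwrite the baseline so the next
        # boot's comparison at decision block 304 does not flag this update.
        nvram["init_hash"] = config_hash(settings, databases)
    # Block 312: completion (OS load, safe mode, quarantine) is policy; not modelled.
    return messages


def demo() -> list:
    """Boots a constructed device through the scenarios in the description and
    returns the message list produced by each boot."""
    settings = {"SecureBoot": "Enabled", "SecureBootMode": "Standard"}
    databases = {  # constructed stand-ins for a 2011-era certificate set
        "PK": {b"OEM PK"},
        "KEK": {b"Microsoft Corporation KEK CA 2011"},
        "db": {b"Microsoft Windows Production PCA 2011", b"Microsoft UEFI CA 2011"},
        "dbx": {b"revoked loader hash 1"},
    }
    update = BiosImage({  # constructed stand-ins for the 2023 certificate set
        "KEK": {b"Microsoft Corporation KEK CA 2023"},
        "db": {b"Windows UEFI CA 2023", b"Microsoft UEFI CA 2023",
               b"Microsoft Option ROM UEFI CA 2023"},
        "dbx": {b"revoked loader hash 2"},
    })
    nvram = {}
    log = [initialize(nvram, settings, databases),              # boot 1: provision
           initialize(nvram, settings, databases)]              # boot 2: no change
    databases["db"].add(b"attacker cert")                       # tampered from the OS
    log.append(initialize(nvram, settings, databases))          # boot 3: UEFI0074
    log.append(initialize(nvram, settings, databases))          # boot 4: rebaselined, silent
    log.append(initialize(nvram, settings, databases, update))  # boot 5: expected message
    log.append(initialize(nvram, settings, databases, update))  # boot 6: update masked
    return log


if __name__ == "__main__":
    for boot, msgs in enumerate(demo(), start=1):
        print(f"boot {boot}: {msgs or ['(no message)']}")
```

Two points the run makes visible. Boot 4 is silent even though the attacker's certificate is still in db: once block 308 overwrites the baseline, the tampered configuration becomes the new "previous" state, so the single UEFI0074 message on boot 3 is the only signal and must be recorded (for instance in the BMC lifecycle log) and acted on. And because the check only compares a stored hash, it is only as strong as the protection of that stored hash; an attacker who can rewrite both the databases and the baseline in the non-volatile memory subsystem from the operating system would defeat it, so the baseline belongs in storage that only the BIOS can write.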
Thus, systems and methods have been described that distinguish between expected and unexpected modifications to a secure boot configuration in a BIOS and generate an expected secure boot configuration modification message when expected modifications to the secure boot configuration are identified. For example, the BIOS secure boot configuration modification reporting system of the present disclosure may include a computing device housing a non-volatile memory subsystem coupled to a BIOS having a BIOS database that stores a secure boot configuration. During a current initialization of the computing device, the BIOS uses the secure boot configuration to generate a current initialization hash value, determines whether the current initialization hash value matches a previous initialization hash value in the non-volatile memory subsystem that was generated using the secure boot configuration during a previous initialization of the computing device and, if not, generates an unexpected secure boot configuration modification message. If the current initialization hash value matches the previous initialization hash value, the BIOS determines whether a BIOS image included in the BIOS provides a modification to component authentication information included in the secure boot configuration and, if so, generates an expected secure boot configuration modification message. As such, expected modifications to a secure boot configuration in a BIOS may be identified to users to reduce customer support calls, frequent changes to the code and configuration of the BIOS by the BIOS development team (also referred to as “churn”), and other related issues discussed above.
Although illustrative embodiments have been shown and described, a wide range of modification, change and substitution is contemplated in the foregoing disclosure and in some instances, some features of the embodiments may be employed without a corresponding use of other features. Accordingly, it is appropriate that the appended claims be construed broadly and in a manner consistent with the scope of the embodiments disclosed herein.
November 21, 2024
May 21, 2026